package org.openslx.imagemaster.db;

import java.io.File;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.log4j.Logger;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.openslx.imagemaster.Globals;
import org.openslx.imagemaster.session.User;
import org.openslx.imagemaster.thrift.iface.AuthenticationError;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.Sha512Crypt;

/* loaded from: input_file:org/openslx/imagemaster/db/LdapUser.class */
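/**
 * A {@link User} authenticated against the configured LDAP directory, with a
 * fallback to the locally stored account when the directory cannot be reached.
 */
public class LdapUser extends User {
    private static final Logger log = Logger.getLogger(LdapUser.class);

    /**
     * Passes all values through to the {@link User} constructor unchanged.
     * The call sites in this class pass, in order: user id, login, password
     * hash, organization, first name, last name, e-mail, satellite address.
     */
    protected LdapUser(int i, String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        super(i, str, str2, str3, str4, str5, str6, str7);
    }

    /**
     * Authenticates a user by binding to the LDAP server with the supplied
     * credentials and reading the user's directory entry.
     *
     * <p>If the LDAP server cannot be reached, the credentials are checked
     * against the locally stored account instead (see {@link #localLogin}).
     *
     * @param str  login name; must have the form {@code prefix_username}
     * @param str2 clear-text password; must not be empty
     * @return the authenticated user, or {@code null} if the trust store could
     *         not be loaded, an I/O error occurred, or the local fallback
     *         rejected the credentials
     * @throws AuthenticationException if the login is malformed, the password
     *         is empty, the bind or search fails, no entry is found, or the
     *         user's organization is unknown
     */
    public static LdapUser forLogin(String str, String str2) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException(AuthenticationError.GENERIC_ERROR, "Login must be in form: prefix_username");
        }
        String[] split = str.split("_");
        if (split.length != 2) {
            throw new AuthenticationException(AuthenticationError.GENERIC_ERROR, "Login must be in form: prefix_username");
        }
        // An LDAP simple bind with an empty password is an *unauthenticated* bind,
        // which a server may accept without checking any secret. Reject it here so
        // a successful bind below always means the password was verified.
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Credentials invalid.");
        }

        // Stays null until the connection object exists; the finally block must
        // tolerate that, since most failures below happen before it is created.
        LdapNetworkConnection connection = null;
        try {
            LdapConnectionConfig config = new LdapConnectionConfig();
            String host = Globals.getLdapHost();
            log.debug("Setting host... " + host);
            config.setLdapHost(host);
            boolean useSsl = Globals.getLdapSsl();
            log.debug("Setting use ssl... " + useSsl);
            config.setUseSsl(useSsl);
            int port = Globals.getLdapPort();
            log.debug("Setting port... " + port);
            config.setLdapPort(port);

            // Trust only the certificates in the configured JKS key store.
            KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
            keyStoreFactory.setDataFile(new File(Globals.getLdapKeystorePath()));
            keyStoreFactory.setPassword(Globals.getLdapKeystorePassword());
            keyStoreFactory.setType("jks");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStoreFactory.newInstance());
            config.setTrustManagers(trustManagerFactory.getTrustManagers());

            connection = new LdapNetworkConnection(config);
            log.debug("Trying to bind...");
            // NOTE(review): the login is substituted into the bind template verbatim.
            // If the template is a DN, the value should be DN-escaped (RFC 4514);
            // the template format is not visible here, so it is left unchanged.
            connection.bind(Globals.getLdapBindQuery().replace("%", str), str2);
            log.debug("Bind successful");

            // The login is caller-controlled: escape filter metacharacters so it can
            // only ever match as a literal value inside the configured search filter.
            String filter = Globals.getLdapSearchFilter().replace("%", escapeFilterValue(str));
            EntryCursor cursor = connection.search(Globals.getLdapSearchBaseDn(), filter, SearchScope.SUBTREE, new String[0]);
            if (!cursor.next()) {
                throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Could not find user entry.");
            }
            Entry entry = cursor.get();

            // NOTE(review): assumes the cn attribute renders as "<id> user@organization"
            // when converted with toString() - confirm against the directory schema.
            String commonName = entry.get(SchemaConstants.CN_AT).toString();
            String login = commonName.split(" ")[1].split("@")[0];
            String organization = commonName.split("@")[1];
            String firstName = entry.get("givenName").getString();
            String lastName = entry.get(SchemaConstants.SN_AT).getString();
            String mail = entry.get("mail").getString();

            DbSatellite satellite = DbSatellite.fromSuffix(organization);
            if (satellite == null) {
                throw new AuthenticationException(AuthenticationError.GENERIC_ERROR, "Your Organization is not known by the server. Please contact your administrator.");
            }
            return new LdapUser(0, login, Sha512Crypt.Sha512_crypt(str2, null, 0), organization, firstName, lastName, mail, satellite.getAddress());
        } catch (NoSuchAlgorithmException | KeyStoreException | NoSuchProviderException | CertificateException e) {
            log.error("Could not set up the LDAP trust store", e);
            return null;
        } catch (IOException e) {
            log.error("I/O error during LDAP login", e);
            return null;
        } catch (CursorException e) {
            log.error("Could not read LDAP search result", e);
            throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Could not find user entry.");
        } catch (LdapException e) {
            String message = e.getMessage();
            if (message == null || !message.contains("Cannot connect on the server")) {
                log.error("LDAP login failed", e);
                throw new AuthenticationException(AuthenticationError.GENERIC_ERROR, "Something went wrong.");
            }
            // Directory unreachable: fall back to the locally stored account. This path
            // authenticates against the stored password hash only, so it is taken
            // whenever the server is unreachable, for whatever reason.
            DbSatellite satellite = DbSatellite.fromPrefix(split[0]);
            if (satellite == null) {
                throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Credentials invalid.");
            }
            String localName = split[1] + "@" + satellite.getOrganizationId();
            log.info("LDAP server could not be reached. Trying to connect locally with: " + localName);
            return localLogin(localName, str2);
        } finally {
            closeQuietly(connection);
        }
    }

    /**
     * Verifies the password against the locally stored account.
     *
     * @param str  local login name in the form {@code username@organizationId}
     * @param str2 clear-text password to verify
     * @return the user if the account exists and the password matches its
     *         stored hash, otherwise {@code null}
     */
    private static LdapUser localLogin(String str, String str2) {
        DbUser forLogin = DbUser.forLogin(str);
        if (forLogin != null && Sha512Crypt.verifyPassword(str2, forLogin.password)) {
            return new LdapUser(forLogin.userId, forLogin.login, Sha512Crypt.Sha512_crypt(str2, null, 0), forLogin.organizationId, forLogin.firstName, forLogin.lastName, forLogin.eMail, forLogin.satelliteAddress);
        }
        return null;
    }

    /** Unbinds and closes the connection if one was created; failures are only logged. */
    private static void closeQuietly(LdapConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.unBind();
            connection.close();
        } catch (IOException | LdapException e) {
            // Best effort: the login result has already been decided at this point.
            log.debug("Could not close LDAP connection cleanly", e);
        }
    }

    /** Escapes the LDAP search-filter metacharacters (RFC 4515) in an assertion value. */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}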
